Accepting request 546406 from devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/546406
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/curl?expand=0&rev=129

curl-7.56.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:961a25531d72a843dfcce87b290e7a882f2d376f3b88de11df009710019c5b16
-size 3799766

curl-7.56.1.tar.gz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlnthGYACgkQXMkI/bce
-EsKH3gf/eexCXdgvW+LQELcw/up7deEp4R+BLQ17pekTgbJkUpTHjWS3n5QjlEFP
-ymUmNBKcqqWTo05wPb+yuNpwMkg5nwEzz/MB2oVGhAxnTysMfzY402pobh96Jowx
-FoXeJq9ihnq0yReEjPQb4hE/HptwaZHYk8rajH+zk+5WnXp+QieYTggqzL/Uv0WS
-HJqvF9jWJ3q+xqeMrg7l0fUbNdlraMsDw8UobDbNmBFoz8auj04a6lZcpWAWR0FN
-uanh2c5XZAwcbrxYqKTWZibaeoOyCmHkJ66kuyH138Ob6f8+lED/PRKBI/QRDYLS
-YG/2ky2u925JwLdeUYaCHOjD84yWBQ==
-=X+B1
------END PGP SIGNATURE-----

curl-7.57.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7ce35f207562674e71dbada6891b37e3f043c1e7a82915cb9c2a17ad3a9d659b
+size 3828358

curl-7.57.0.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAloefhsACgkQXMkI/bce
+EsLUjAf8DoTREKM+cq2Jezo36nPyjo1D+4yedCtThTSPnf2Vd5aeeFYWGpDBnFlD
+Vlp12RR72f2QsH46aa5xfpjxZTRGikgALVUpqkrT/2BtC41sMzNH84eF4vwmTJ3F
+Y57vp8ro/cGau2JV+zfvyColMghvvJWHtUl+uHB61TJ60CXrl7JtVBnNBHMuByQN
+lTO86FD6CrKiSy+wVth6ZI+EJmwAX1bAZRNByBv56UiBI5gVJsfmDNdS2WdC4bhu
+kcr60aDibFBLKHf87D8scAQUY9D1JUG9a0twY8hluesyn8blNRwIQT/4ByZTz6Aj
+0Te6LwPE/B18YRnYiSBnpw/Pqz1Y5w==
+=3iJv
+-----END PGP SIGNATURE-----

curl-mini.changes

@@ -1,3 +1,80 @@
+-------------------------------------------------------------------
+Wed Nov 29 10:43:55 UTC 2017 - pmonrealgonzalez@suse.com
+
+- Update to version 7.57.0  [bsc#1069226, CVE-2017-8816]
+  [bsc#1069222, CVE-2017-8817] [bsc#1069714, CVE-2017-8818]
+  Changes:
+   * auth: add support for RFC7616 - HTTP Digest access authentication
+   * share: add support for sharing the connection cache
+   * HTTP: implement Brotli content encoding
+  Bugfixes:
+   * CVE-2017-8816: NTLM buffer overflow via integer overflow
+   * CVE-2017-8817: FTP wildcard out of bounds read
+   * CVE-2017-8818: SSL out of buffer access
+   * curl_mime_filedata.3: fix typos
+   * libtest: Add required test libraries for lib1552 and lib1553
+   * fix time diffs for systems using unsigned time_t
+   * ftplistparser: memory leak fix: free temporary memory always
+   * multi: allow table handle sizes to be overridden
+   * wildcards: don't use with non-supported protocols
+   * curl_fnmatch: return error on illegal wildcard pattern
+   * transfer: Fix chunked-encoding upload too early exit
+   * resolvers: only include anything if needed
+   * setopt: fix CURLOPT_SSH_AUTH_TYPES option read
+   * Curl_timeleft: change return type to timediff_t
+   * cmake: Export libcurl and curl targets to use by other cmake projects
+   * curl: in -F option arg, comma is a delimiter for files only
+   * curl: improved ";type=" handling in -F option arguments
+   * timeval: use mach_absolute_time() on MacOS
+   * curlx: the timeval functions are no longer provided as curlx_*
+   * mkhelp.pl: do not generate comment with current date
+   * memdebug: use send/recv signature for curl_dosend/curl_dorecv
+   * cookie: avoid NULL dereference
+   * url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1
+   * include: remove conncache.h inclusion from where its not needed
+   * CURLOPT_MAXREDIRS: allow -1 as a value
+   * tests: Fixed torture tests on tests 556 and 650
+   * http2: Fixed OOM handling in upgrade request
+   * url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
+   * CURLOPT_INFILESIZE: accept -1
+   * curl: pass through [] in URLs instead of calling globbing error
+   * curl: speed up handling of many URLs
+   * ntlm: avoid malloc(0) for zero length passwords
+   * url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES
+   * HTTP: support multiple Content-Encodings
+   * travis: add a job with brotli enabled
+   * url: remove unncessary NULL-check
+   * fnmatch: remove dead code
+   * connect: store IPv6 connection status after valid connection
+   * imap: deal with commands case insensitively
+   * --interface: add support for Linux VRF
+   * content_encoding: fix inflate_stream for no bytes available
+   * cmake: Add missing setmode check
+   * connect.c: remove executable bit on file
+   * SMB: fix uninitialized local variable
+   * zlib/brotli: only include header files in modules needing them
+   * URL: return error on malformed URLs with junk after IPv6 bracket
+   * openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY
+   * macOS: Fix missing connectx function with Xcode version older than 9.0
+   * --resolve: allow IP address within [] brackets
+   * examples/curlx: Fix code style
+   * ntlm: remove unnecessary NULL-check to please scan-build
+   * Curl_llist_remove: fix potential NULL pointer deref
+   * mime: fix "Value stored to 'sz' is never read" scan-build error
+   * openssl: fix "Value stored to 'rc' is never read" scan-build error
+   * http2: fix "Value stored to 'hdbuf' is never read" scan-build error
+   * http2: fix "Value stored to 'end' is never read" scan-build error
+   * Curl_open: fix OOM return error correctly
+   * url: reject ASCII control characters and space in host names
+   * examples/rtsp: clear RANGE again after use
+   * connect: improve the bind error message
+   * make: fix "make distclean"
+   * connect: add support for new TCP Fast Open API on Linux
+   * metalink: fix memory-leak and NULL pointer dereference
+   * URL: update "file:" URL handling
+   * ssh: remove check for a NULL pointer
+   * global_init: ignore CURL_GLOBAL_SSL's absense
+
 -------------------------------------------------------------------
 Mon Oct 23 09:12:11 UTC 2017 - pmonrealgonzalez@suse.com
 

curl-mini.spec

@@ -32,7 +32,7 @@
 %endif
 
 Name:           curl-mini
-Version:        7.56.1
+Version:        7.57.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl

curl.changes

@@ -1,3 +1,80 @@
+-------------------------------------------------------------------
+Wed Nov 29 10:43:55 UTC 2017 - pmonrealgonzalez@suse.com
+
+- Update to version 7.57.0  [bsc#1069226, CVE-2017-8816]
+  [bsc#1069222, CVE-2017-8817] [bsc#1069714, CVE-2017-8818]
+  Changes:
+   * auth: add support for RFC7616 - HTTP Digest access authentication
+   * share: add support for sharing the connection cache
+   * HTTP: implement Brotli content encoding
+  Bugfixes:
+   * CVE-2017-8816: NTLM buffer overflow via integer overflow
+   * CVE-2017-8817: FTP wildcard out of bounds read
+   * CVE-2017-8818: SSL out of buffer access
+   * curl_mime_filedata.3: fix typos
+   * libtest: Add required test libraries for lib1552 and lib1553
+   * fix time diffs for systems using unsigned time_t
+   * ftplistparser: memory leak fix: free temporary memory always
+   * multi: allow table handle sizes to be overridden
+   * wildcards: don't use with non-supported protocols
+   * curl_fnmatch: return error on illegal wildcard pattern
+   * transfer: Fix chunked-encoding upload too early exit
+   * resolvers: only include anything if needed
+   * setopt: fix CURLOPT_SSH_AUTH_TYPES option read
+   * Curl_timeleft: change return type to timediff_t
+   * cmake: Export libcurl and curl targets to use by other cmake projects
+   * curl: in -F option arg, comma is a delimiter for files only
+   * curl: improved ";type=" handling in -F option arguments
+   * timeval: use mach_absolute_time() on MacOS
+   * curlx: the timeval functions are no longer provided as curlx_*
+   * mkhelp.pl: do not generate comment with current date
+   * memdebug: use send/recv signature for curl_dosend/curl_dorecv
+   * cookie: avoid NULL dereference
+   * url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1
+   * include: remove conncache.h inclusion from where its not needed
+   * CURLOPT_MAXREDIRS: allow -1 as a value
+   * tests: Fixed torture tests on tests 556 and 650
+   * http2: Fixed OOM handling in upgrade request
+   * url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
+   * CURLOPT_INFILESIZE: accept -1
+   * curl: pass through [] in URLs instead of calling globbing error
+   * curl: speed up handling of many URLs
+   * ntlm: avoid malloc(0) for zero length passwords
+   * url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES
+   * HTTP: support multiple Content-Encodings
+   * travis: add a job with brotli enabled
+   * url: remove unncessary NULL-check
+   * fnmatch: remove dead code
+   * connect: store IPv6 connection status after valid connection
+   * imap: deal with commands case insensitively
+   * --interface: add support for Linux VRF
+   * content_encoding: fix inflate_stream for no bytes available
+   * cmake: Add missing setmode check
+   * connect.c: remove executable bit on file
+   * SMB: fix uninitialized local variable
+   * zlib/brotli: only include header files in modules needing them
+   * URL: return error on malformed URLs with junk after IPv6 bracket
+   * openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY
+   * macOS: Fix missing connectx function with Xcode version older than 9.0
+   * --resolve: allow IP address within [] brackets
+   * examples/curlx: Fix code style
+   * ntlm: remove unnecessary NULL-check to please scan-build
+   * Curl_llist_remove: fix potential NULL pointer deref
+   * mime: fix "Value stored to 'sz' is never read" scan-build error
+   * openssl: fix "Value stored to 'rc' is never read" scan-build error
+   * http2: fix "Value stored to 'hdbuf' is never read" scan-build error
+   * http2: fix "Value stored to 'end' is never read" scan-build error
+   * Curl_open: fix OOM return error correctly
+   * url: reject ASCII control characters and space in host names
+   * examples/rtsp: clear RANGE again after use
+   * connect: improve the bind error message
+   * make: fix "make distclean"
+   * connect: add support for new TCP Fast Open API on Linux
+   * metalink: fix memory-leak and NULL pointer dereference
+   * URL: update "file:" URL handling
+   * ssh: remove check for a NULL pointer
+   * global_init: ignore CURL_GLOBAL_SSL's absense
+
 -------------------------------------------------------------------
 Mon Oct 23 09:12:11 UTC 2017 - pmonrealgonzalez@suse.com
 

curl.spec

@@ -30,7 +30,7 @@
 %endif
 
 Name:           curl
-Version:        7.56.1
+Version:        7.57.0
 Release:        0
 Summary:        A Tool for Transferring Data from URLs
 License:        curl